What We Do

Next-Gen SIEM Platform

Our cloud-native platform provides the foundation for SOC-as-a-Service.

Cysiv’s next-gen, co-managed SIEM addresses the limitations and frustrations associated with traditional SIEMs and other products used in a SOC. Our cloud-native platform automates and improves critical processes for truly effective threat detection, hunting, investigation and response.

“Unlike the rigid, monolithic architecture of older SIEMs, our cloud-native architecture fully leverages all the advantages of microservices. It’s flexible and adaptable, easier to manage and maintain, and we can quickly release new customer-driven features, often in weeks, without disruption.”
Dan Smith
Cysiv Principal Architect

Key SOC Technologies, All In One

Cysiv Command combines essential technologies for a modern SOC into a comprehensive, unified, cloud-native platform and is the foundation for SOC-as-a-Service.


Connector

Most telemetry can be pulled from APIs or sent securely to Cysiv Command over the internet. For older sources, such as logs over Syslog UDP, Cysiv Connector provides an encrypted conduit for passing all required telemetry from your environment to the Cysiv platform.


SIEM / Data Lake

Our SIEM complements—or for some, can replace—an existing SIEM, providing core functionality:

  • Collects and normalizes events in real time from a broad range of security and infrastructure sources
  • Normalizes all formats to a common information model
  • Provides historical analysis, visualizations and tiered data storage that optimizes performance and cost
  • Massively scalable, purpose-built, indexed data lake with tiered data storage (hot, warm, and cold) and rapid full-text search

Threat Detection Engine

Cysiv’s threat detection engine applies a blend of detection techniques that leverage signatures, threat intelligence, user behavior, statistics, and machine learning to automatically identify potential threats and ensure analysts focus on the most critical detections first.


Security Orchestration, Automation & Response (SOAR)

Orchestrates the SOC process from detection through investigation and response with built-in case management, notifications and workflows.

Provides security automation through multiple enrichment sources, including IP geolocation, user and asset information, and correlation to multiple intelligence sources.


User and Entity Behavior Analytics (UEBA)

Behavior-based analytics are used to detect significant changes to behavior or anomalous activity for an entity.

Standard profiles and behaviors are built for users and hosts over time, and any activity that deviates from these baselines is flagged as suspicious.


Threat Intelligence

IOCs from dozens of high-quality sources worldwide are classified, corroborated, and scored to provide finished intelligence that is leveraged across the threat detection, hunting, and investigation process.

Community threat exchange: Anonymized IOC data can also be shared amongst opt-in community members.


Case Management

Provides workflow capabilities, tight integration, transparency, and seamless communication and collaboration during detection handling and incident management.

Based on the NIST Incident Response Life Cycle, it supports integrations with third-party products including ServiceNow and RSA Archer.


Dashboards & Compliance

Pre-configured and customizable dashboards provide key performance indicators relevant to a variety of roles, including analysts/IR, engineers, executives, SOC manager, and compliance/risk managers.

Telemetry retention satisfies compliance requirements.


Benefits of Our Platform

Security & Operations

Speed & Agility

Faster threat detection, investigation and response

Advanced Detection

Detects previously unknown threats

Security Readiness

Enables powerful threat hunting and forensics

Standardization

Ensures standardized response processes

Efficiency

Reduces false positives, eliminates alert fatigue, and improves confidence

Security Excellence

Ensures adherence to security best practices

Cloud-Native Architecture

No Software

No software to license, install, deploy or manage

No Hardware

No hardware to purchase, manage or maintain

Resiliency

Better resiliency with fewer service disruptions

Frequent Updates

Regular feature updates, without interruption

Scalability

Instantaneous and massive scalability

Works Anywhere

Remote login and co-management

Cloud Native Architecture

Learn why a cloud-native architecture is critical for a modern SOC, and how Cysiv has…

Cysiv Cloud Native Blog

Request a Demo Today